public static extern int ZwConnectPort(ref System.IntPtr PortHandle, ref NAlpc.UNICODE_STRING PortName, ref SECURITY_QUALITY_OF_SERVICE SecurityQos, ref PORT_VIEW ClientView, ref REMOTE_PORT_VIEW ServerView, ref uint MaxMessageLength, System.IntPtr ConnectionInformation, ref uint ConnectionInformationLength);
public static unsafe void ClientThread1() { G.SECURITY_QUALITY_OF_SERVICE SecurityQos; UNICODE_STRING PortName; int Status = 0; IntPtr PortHandle = IntPtr.Zero; uint MaxMessageLength = 0; int MessageLength = sizeof(TRANSFERRED_MESSAGE); int ReplyLength = sizeof(TRANSFERRED_MESSAGE); uint PassCount; // // // // Allocate space for message to be transferred through LPC // // TRANSFERRED_MESSAGE LpcMessage = TRANSFERRED_MESSAGE.Create(); TRANSFERRED_MESSAGE LpcReply = TRANSFERRED_MESSAGE.Create(); for (PassCount = 0; PassCount < 3; PassCount++) { PortName.Length = (ushort)(LpcPortName.Length * 2); PortName.MaximumLength = (ushort)(PortName.Length + 2); PortName.buffer = Marshal.StringToHGlobalUni(LpcPortName); SecurityQos = new G.SECURITY_QUALITY_OF_SERVICE(); SecurityQos.Length = (uint)sizeof(G.SECURITY_QUALITY_OF_SERVICE); SecurityQos.ImpersonationLevel = SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation; SecurityQos.EffectiveOnly = 0; SecurityQos.ContextTrackingMode = 1; // SECURITY_DYNAMIC_TRACKING; // _tprintf(_T("Client: Test sending LPC data of size less than 0x%lX bytes ...\n"), MAX_LPC_DATA); // _tprintf(_T("Client: Connecting to port \"%s\" (NtConnectPort) ...\n"), LpcPortName); uint sss = 0; Status = G.NativeMethods.NtConnectPort_NoMarshal(ref PortHandle, ref PortName, ref SecurityQos, IntPtr.Zero, IntPtr.Zero, ref MaxMessageLength, IntPtr.Zero, ref sss); AlpcErrorHandler.Check(Status); // _tprintf(_T("Client: NtConnectPort result 0x%08lX\n"), Status); // // // // Initialize the request header, reply header and fill request text // // G.PORT_MESSAGE.InitializeMessageHeader(ref LpcMessage.Header, (ushort)MessageLength, 0); G.PORT_MESSAGE.InitializeMessageHeader(ref LpcReply.Header, (ushort)ReplyLength, 0); LpcMessage.MessageText = 123.456; if (PassCount == 0) { // _tprintf(_T("Client: Sending request, reply not required (NtRequestPort)\n")); LpcMessage.Command = 123; //LPC_COMMAND_REQUEST_NOREPLY; IntPtr asd = Marshal.AllocHGlobal(sizeof(TRANSFERRED_MESSAGE)); Marshal.StructureToPtr(LpcMessage, asd, false); Status = G.NativeMethods.NtRequestPort_NoMarshal(PortHandle, asd); AlpcErrorHandler.Check(Status); // _tprintf(_T("Client: NtRequestPort result 0x%08lX\n"), Status); Thread.Sleep(500); } // // // // SECOND PASS: Send the request and wait for reply // // // if(PassCount == 1) // { // _tprintf(_T("Client: Sending request, waiting for reply (NtRequestWaitReplyPort)\n")); // LpcMessage->Command = LPC_COMMAND_REQUEST_REPLY; // Status = NtRequestWaitReplyPort(PortHandle, &LpcMessage->Header, &LpcReply->Header); // _tprintf(_T("Client: NtRequestWaitReplyPort result 0x%08lX\n"), Status); // Sleep(500); // } // // // // THIRD PASS: Send the Stop command // // // if(PassCount == 2) // { // _tprintf(_T("Client: Sending STOP request, reply not required (NtRequestPort)\n")); // LpcMessage->Command = LPC_COMMAND_STOP; // Status = NtRequestPort(PortHandle, &LpcMessage->Header); // _tprintf(_T("Client: NtRequestPort result 0x%08lX\n"), Status); // Sleep(500); // } // // // // Close the connected port // // // if(PortHandle != NULL) // { // _tprintf(_T("Client: Closing the port (NtClose) \n")); // Status = NtClose(PortHandle); // _tprintf(_T("Client: NtClose result 0x%08lX\n"), Status); // } } }
public static extern int NtConnectPort_NoMarshal(ref System.IntPtr PortHandle, ref NAlpc.UNICODE_STRING PortName, ref SECURITY_QUALITY_OF_SERVICE SecurityQos, IntPtr ClientView, IntPtr ServerView, ref uint MaxMessageLength, System.IntPtr ConnectionInformation, ref uint ConnectionInformationLength);